'193 Claim 1



IT Construction 


MS Construction 


1. 


1. A method
comprising: 


The claim contains no requirement of
a VDE.


Claim as a whole: The recited 


method is performed within a VDE. 
(See item #86 for Microsoft's 
construction of VDE.) 


2. 


receiving a digital 
file including 
music. 






3. 


storing said digital 
file in a first secure 
memory of a first 
device; 


secure: One or more mechanisms are 
employed to prevent, detect or 
discourage misuse of or interference 
with information or processes. Such 
mechanisms may include 
concealment, Tamper Resistance,
Authentication and access control. 
Concealment means that it is difficult 
to read information (for example, 
programs may be encrypted). 
Tamper Resistance and 
Authentication are separately defined 
(see item #67 and item #27, 
respectively, below). Access control 
means that access to information or 
processes is limited on the basis of 
authorization. Security is not 
absolute, but is designed to be 
sufficient for a particular purpose. 


secure: (1) A state in which all users 
of a system are guaranteed that all 
information, processes, and devices 
within the system, shall have their 
availability, secrecy, integrity, 
authenticity and nonrepudiation 
maintained against all of the
identified threats thereto. 

(2) "Availability" means the property 
that information is accessible and 
usable upon demand by authorized 
persons, at least to the extent that no 
user may delete the information 
without authorization. 

(3) "Secrecy," also referred to as 
confidentiality, means the property 
that information (including computer 
processes) is not made available or 
disclosed to unauthorized persons or 
processes. 

(4) "Integrity" means the property 
that information has not been altered
either intentionally or accidentally.

(5) "Authenticity" means the property 
that the characteristics asserted about 
a person, device, program, 
information, or process are genuine 
and timely, particularly as to identity, 
data integrity, and origin integrity. 

(6) "Nonrepudiation" means the 
property that a sender of information 
cannot deny its origination and that a 
recipient of information cannot deny 
its receipt. 
4.


storing information
associated with said 
digital file in a 
secure database 
stored on said first 
device, 

said information 
including at least 
one budget control 
and 


secure: see item #3 above 

budget: Information specifying a 
limitation on usage. 

control: Information and/or 
programming controlling operations
on or use of resources (e.g., content) 
including (a) permitted, required or 
prevented operations, (b) the nature 
or extent of such operations or (c) the 
consequences of such operations. 


secure: see item #3 above 

budget: (1) A unique type of 
"method" that specifies a 
decrementable numerical limitation 
on future Use (e.g., copying) of 
digital information and how such Use 
will be paid for, if at all, 
(2) A "method" is a collection of 
basic instructions, and information 
related to basic instructions, that 
provides context, data, requirements, 
and/or relationships for use in 
performing, and/or preparing to 
perform, basic instructions in relation 
to the operation of one or more 
electronic appliances. 

control: (1) Independent, special- 
purpose, Executable, which can 
execute only within a Secure 
Processing Environment (see below). 

(2) Each VDE Control is a 
Component Assembly dedicated to a 
particular activity (e.g., editing, 
modifying another Control, a user- 
defined action, etc.), particular 
user(s), and particular protected 
information, and whose satisfactory 
execution is necessary to Allowing 
(see below) that activity. 

(3) Each separate information Access 
(see below) or Use is independently 
Controlled by independent VDE 
Control(s). 

(4) Each VDE Control is assembled 
within a Secure Processing 
Environment from independently 
deliverable modular components 
(e.g., Load Modules (see below) or
other Controls), dynamically in 
response to an information Access or 
Use Request. 

(5) The dynamic assembly of a
Control is directed by a "blueprint" 
Record (see below) (put in place by 
one or more VDE users) Containing 
control information identifying the 
exact modular code components to be 
assembled and executed to govern
(i.e., Control) this particular activity
on this particular information by this
particular user(s). 

(6) Each Control is independently
assembled, loaded and delivered
vis-à-vis other Controls.

(7) Control information and Controls 
are extensible and can be configured 
and modified by all users, and 
combined by all users with any other 
VDE control information or Controls 
(including that provided by other 
users), subject only to "senior" user
Controls. 

(8) Users can assign control 
information (including alternative 
control information) and Controls to 
an arbitrarily fine, user-defined 
portion of the protected information, 
such as a single paragraph of a 
document, as opposed to being 
limited to file-based controls. 

(9) VDE Controls reliably limit Use 
of the protected information to only 
authorized activities and amounts. 

For the purposes of the construction 
of "Control," a "Secure Processing
Environment" is defined as: A
Secure Processing Environment is
uniquely identifiable, self-contained, 
non-circumventable, and trusted by 
all other VDE nodes to protect the 
availability, secrecy, integrity and 
authenticity of all information 
identified in the patent application as 
being protected, and to guarantee that 
such information will be accessed and 
Used only as expressly authorized by 
the associated VDE Controls, and to 
guarantee that all requested reporting 
of and payments for protected 
information use will be made. A 
Secure Processing Environment is 
formed by, and requires, a Secure 
Processing Unit having a hardware 
Tamper Resistant Barrier 
encapsulating a processor and internal 
Secure memory. The Tamper
Resistant Barrier prevents all 
unauthorized interference, removal, 
observation, and other Use of the 
information and processes within it. 

For the purposes of the construction 
of "Control," "Allowing" is defined
as: Actively permitting an action that
otherwise cannot be taken (i.e., is
prohibited) by any user, process, or
device. In VDE, an action is allowed
only through execution (within a
Secure Processing Environment) of
the VDE Control(s) assigned to the
particular action request, and
satisfaction of all requirements
imposed by such execution. 

For the purposes of the construction 
of "Control," "Access" is defined as:
To satisfactorily perform the steps 
necessary to obtain something so that 
it can be Used in some manner (e.g., 
for information: copied, printed, 
decrypted, encrypted, saved, 
modified, observed, or moved, etc.). 
In VDE, access to protected 
information is achieved only through 
execution (within a Secure 
Processing Environment) of the VDE 
Control(s) assigned to the particular
"access" request, satisfaction of all 
requirements imposed by such 
execution, and the Controlled 
opening of the Secure Container 
Containing the information. 

For the purposes of the construction 
of "Control," a "Load Module" is
defined as: An Executable, modular 
unit of machine code (which may 
include data) suitable for loading into 
memory for execution by a processor. 
A load module is encrypted (when 
not within a secure processing unit) 
and has an Identifier that a calling 
process must provide to be able to use 
the load module. A load module is 
combinable with other load modules,
and associated data, to form
Executable Component Assemblies. 
A load module can execute only in a 
VDE Protected Processing 
Environment. Library routines are
not load modules and dynamic link 
libraries are not load modules. 

For the purposes of the construction 
of "Control," a "Record" is defined
as: A data structure that is a 
collection of fields (elements), each 
with its own name and type. Unlike 
an array, whose elements are 
accessed using an index, the elements 
of a record are accessed by name. A 
record can be accessed as a collective 
unit of elements, or the elements can 
be accessed individually. 



5. 



at least one copy 
control. 



copy : To reproduce. The 
reproduction must be usable, may 
incorporate all of the original item or 
only some of it, and may involve 
some changes to the item as long as 
the essential nature of the content 
remains unchanged. 

control: see item #4 above 



copy: (1) To reproduce all of a 
Digital File (see below) or other 
complete physical block of data from 
one location on a storage medium to 
another location on the same or 
different storage medium, leaving the 
original block of data unchanged, 
such that two distinct and 
independent objects exist. 

(2) Although the layout of the data 
values in physical storage may differ 
from the original, the resulting 
"copy" is logically indistinguishable
from the original. 

(3) The resulting "copy" may or may 
not be encrypted, ephemeral, usable, 
or accessible. 

For the purposes of the construction 
of "Copy," a "Digital File" is
defined as: A named, static unit of 
storage allocated by a "file system" 
and Containing digital information. 
A digital file enables any application 
using the "file system" to randomly 
access its contents and to distinguish 
it by name from every other such 
unit. A copy of a digital file is a 
separate digital file. A "file system" 
is the portion of the operating system 
that translates requests made by
application programs for operations 
on "files" into low-level tasks that 
can control storage devices such as 
disk drives. 

control: see item #4 above


6. 


said at least one 
budget control 
including a budget 
specifying the 
number of copies 
which can be made 
of said digital file ; 


budget: see item #4 above
control: see item #4 above
a budget specifying the number of
copies which can be made of said
digital file: Normal English,
incorporating the separately defined
terms: a Budget stating the number
of copies that can be made of the
digital file referred to earlier in the
claim.


budget: see item #4 above
control: see item #4 above
a budget specifying the number of
copies which can be made of said
digital file: A Budget explicitly
stating the total number of copies
(whether or not decrypted, long-lived,
or accessible) that (since creation of
the Budget) are authorized to be
made of the Digital File by any and
all users, devices, and processes. No
process, user, or device is able to
make another copy of the Digital File
once this number of copies has been
made.

For the purposes of the construction 
of this phrase, "Digital File" is
defined as set forth in item #5, above. 


7. 


and said at least one 
copy control 
controlling the 

copies made of said 
digital file; 


copy: see item #5 above 

control: see item #4 above 

controlling: Normal English:
exercising authoritative or
dominating influence over; directing.

controlling the copies made of said
digital file: The nature of this 
operation is further defined in later 
claim elements. In context, the copy 
control determines the conditions 
under which a digital file may be 
Copied and the copied file stored on a 
second device. 


copy: see item #5 above 

control: see item #4 above 

controlling: (1) Reliably defining and
enforcing the conditions and 
requirements under which an action 
that otherwise cannot be taken, will 
be Allowed, and the manner in which 
it may occur. Absent verified 
satisfaction of those conditions and 
requirements, the action cannot be 
taken by any user, process or device. 

(2) In VDE, an action is Controlled 
through execution of the applicable 
VDE Control(s) within a VDE
Secure Processing Environment. 

(3) More specifically, in VDE, 
Controlling is effected by use of 
VDE Controls, VDE Secure 
Containers, and VDE foundation 
(including VDE Secure Processing
Environment, "object registration,"
and other mechanisms for allegedly
individually ensuring that specific
Controls are enforced vis-à-vis
specific objects (and their content at
an arbitrary granular level) and
specific "users").

For the purposes of the construction 
of "Control (v.)" et al, "Allowed" and
"Secure Processing Environment" are
defined as set forth in item #4, above. 



controlling the copies made of said 
digital file : Controlling Uses of and 
Accesses to all copies of the Digital 
File, by all users, processes, and 
devices, by executing each of the 
recited "at least one" Copy 
Control(s) within VDE Secure
Processing Environment(s). Each
Control governs (Controls) only one
action, which action may or may not
differ among the different "at least
one" Controls. All Uses and
Accesses are prohibited and incapable 
of occurring except to the extent 
Allowed by the "at least one" Copy 
Control(s). 

For the purposes of the construction 
of this phrase, "Secure Processing
Environment," "Access" and
"Allowed" are defined as set forth in
item #4, above. 
10



11 



determining 
whether said digital 
file may be copied 
and stored on a 
second device 
based on at least 
said copy control; 
if said copy control 
allows at least a 
portion of said 
digital file to be 
copied and stored 
on a second device. 



13 



copying at least a 
portion of said 
digital file;



transferring at least 
a portion of said 
digital file to a 
second device 
including a memory 
and an audio and/or 
video output; 
storing said digital 
file in said memory 
of said second 
device; and 



including playing 
said music through 
said audio output. 



control: see item #4 above 



control: see item #4 above 



copying (copy): see item #5 above



control: see item #4 above 



control: see item #4 above 
11. A method
comprising:



15. receiving a digital
file; 



16. storing said digital
file in a first secure 
memory of a first 

device; 

17. storing information
associated with 
said digital file in a 
secure database 
stored on said first 
device, 

said information 
including a first 
control: 



secure : see item #3 above 
control: see item #4 above 



18. determining
whether said digital
file may be copied
and stored on a
second device
based on said first
control, said
determining step
including
identifying said
second device and
determining
whether,



copied (copy): see item #5 above
control: see item #4 above 



method is performed within a VDE. 
(See item #86 for Microsoft's 
construction of VDE.) 



secure: see item #3 above 



secure : see item #3 above 
control: see item #4 above 



19. said first control
allows transfer of
said copied file to
said second device,
said determination
based at least in
part on the features
present at the
device to which
said copied file is
to be transferred;



control: see item #4 above
copied (copy): see item #5 above



copied (copy): see item #5 above
control: see item #4 above



copied (copy): see item #5 above
21



22 



'193 Claim 11
if said first control 
allows at least a 
portion of said 
digital file to be 
copied and stored 
on a second device, 



copying at least a 
portion of said 
digital file;



transferring at least 
a portion of said 
digital file to a 
second device 
including a 
memory and an 
audio and/or video 



copied (copy): see item #5 above



copying (copy): see item #5 above



copied (copy): see item #5 above



copying (copy): see item #5 above



EXHIBIT A TO JOINT CLAIM CONSTRUCTION STATEMENT 
Page 10 of 40 



25 



26 



27 



28 



Patent No. 6^3.193, Asserted
IT Construction 



15 



MS Construction



15. A method 
comprising: 



Claim as a whole: The recited
method is performed within a VDE. 
(See item #93 for Microsoft's 
construction of VDE.) 



receiving a digital 
file; 



an authentication 

step comprising: 



accessing at least 
one identifier 
associated with a 
first device or with 
a user of said first
device; and 



29 



30. 



31 



determining 
whether said 
identifier is 
associated with a 
device and/or user 
authorized to store 
said digital file; 



authentication : Identifying (e.g., a 
person, device, organization, 
document, file, etc.). Includes 
uniquely identifying or identifying as
a member of a group. 



identifier: Information used to
identify something or someone (e.g.,
a password).

In this definition, "identify" means to
establish the identity of or to
ascertain the origin, nature, or
definitive characteristics of; includes
identifying as an individual or as a
member of a group.

identifier : see item #28 above 



authentication: To establish that the
following asserted characteristics of
something (e.g., a person, device,
organization, document, file, etc.) are
genuine: its identity, its data
integrity, (i.e., it has not been altered)
and its origin integrity (i.e., its source
and time of origination).

identifier: Any text string used as a
label naming an individual instance
of what it Identifies (see below).

For the purpose of the construction of
"Identifier," "Identify" is defined as:
To establish as being a particular 
instance of a person or thing. 

identifier: see item #28 above 



storing said digital
file in a first secure 
memory of said 
first device, but 
only if said device 
and/or user is so 
authorized, but not 
proceeding with 
said storing if said 
device and/or user 
is not authorized; 



secure: see item #3 above 



storing information 
associated with said 
digital file in a 
secure database 
stored on said first 



secure: see item #3 above 
control: see item #4 above 



secure : see item #3 above 
control: see item #4 above 
device, said
information 
including at least 
one control; 



32. determining
whether said digital
file may be copied
and stored on a
second device
based on said at
least one control;

33. if said at least one
control allows at
least a portion of
said digital file to
be copied and
stored on a second
device,

34. copying at least a
portion of said
digital file;

35. transferring at least
a portion of said
digital file to a
second device
including a memory
and an audio and/or
video output;



MS Construction 



copied (copy): see item #5 above



control: see item #4 above



control: see item #4 above



copied (copy): see item #5 above
control: see item #4 above



copied (copy): see item #5 above



control: see item #4 above
copied (copy): see item #5 above



copying (copy): see item #5 above
copying (copy): see item #5 above



36. storing said digital 
file in said memory 
of said second 
device; and 
39



40 



19. A method 
comprising: 



The claim contains no requirement 
of a VDE. 



receiving a digital 
file at a first 
device; 
establishing 
communication 
between said first 
device and a 
clearinghouse 
located at a 
location remote 
from said first
device; 



clearinghouse: A provider of
financial and/or administrative
services for a number of entities; or
an entity responsible for the
collection, maintenance, and/or
distribution of materials,
information, licenses, etc.



41 



42



said first device 

obtaining 

authorization 

information 

including a key 

from said 

clearinghouse; 

said first device 

using said 
authorization 
information to gain 
access to or make 
at least one use of 
said first digital 
file, including 
using said key to 
decrypt at least a 
portion of said first 
digital file; and 



43. receiving a first
control from said 
clearinghouse at 
said first device; 



clearinghouse : see item #40 above 



use: Normal English: to put into 
service or apply for a purpose, to 
employ. 



Claim as a whole: The recited
method is performed within a VDE. 
(See item #86 for Microsoft's 
construction of VDE.) 



clearinghouse: (1) A computer
system that provides intermediate
storing and forwarding services for
both content and audit information,
and which two or more parties trust
to provide its services independently
because it is operated under
constraint of VDE security.
(2) "Audit information" means all
information created, stored, or
reported in connection with an
"auditing" process. "Auditing"
means tracking, metering and
reporting the usage of particular
information or a particular appliance.
clearinghouse: see item #40 above



control : see item #4 above 
clearinghouse: see item #40 above



use: (1) To use information is to
perform some action on it or with it
(e.g., copying, printing, decrypting,
encrypting, saving, modifying,
observing, or moving, etc.).
(2) In VDE, information Use is
Allowed only through execution of
the applicable VDE Control(s) and
satisfaction of all requirements
imposed by such execution.

For the purposes of the construction
of "Use," "Allowed" is defined as set
forth in item #4, above.
control : see item #4 above 

clearinghouse : see item #40 above 
44. storing said first
digital file in a
memory of said
first device;



45. using said first
control to
determine whether
said first digital file
may be copied and
stored on a second
device;



control : see item #4 above 
copied (copy): see item #5 above



control: see item #4 above
copied (copy): see item #5 above



46. if said first control
allows at least a
portion of said first
digital file to be
copied and stored
on a second device.

control: see item #4 above
copied (copy): see item #5 above



control: see item #4 above
copied (copy): see item #5 above



47. copying at least a
portion of said first
digital file;



copying (copy): see item #5 above



48. 



transferring at least 
a portion of said 
first digital file to a 
second device 
including a 
memory and an 
audio and/or video 

output; 

storing said first 
digital file portion 
in said memory of 
said second device; 
and 



50.



rendering said first
digital file portion 
through said 
output. 
'683 Claim 2

2. A system 
including: 



52. 



53. 



54. 



57 



Patent No. 6,185,683, Asserted
IT Construction 



The claim contains no requirement
of a VDE.



MS Construction 
Claim as a Whole: The "system" is a 
VDE. (See item #86 for Microsoft's 
construction of VDE.) 



a first apparatus 
including, 



user controls, 



control: see item #4 above 



a communications
port,



a processor, 
a memory storing: 



a first secure 
container 



secure container: A container that is
Secure.

In this definition, "container" means
a digital file containing linked and/or 
embedded items. 



control: see item #4 above 



secure container: (1) A VDE Secure
Container is a self-contained, self-
protecting data structure which (a)
encapsulates information of arbitrary 
size, type, format, and organization, 
including other, nested, containers, 
(b) cryptographically protects that 
information from all unauthorized 
Access and Use, (c) provides 
encrypted storage management 
functions for that information, such 
as hiding the physical storage 
location(s) of its protected contents, 
(d) permits the association of itself or 
its contents with Controls and 
control information governing 
(Controlling) Access to and Use 
thereof, and (e) prevents such Use or 
Access (as opposed to merely 
preventing decryption) until it is 
"opened." 

(2) A Secure Container can be 
opened only as expressly Allowed by 
the associated VDE Control(s), only
within a Secure Processing 
Environment, and only through 
decryption of its encrypted header. 

(3) A Secure Container is not 
directly accessible to any non-VDE 
or user calling process. All such calls 
are intercepted by VDE. 

(4) The creator of a Secure 
Container can assign (or allow 
others to assign) control information 
to any arbitrary portion of a Secure 
Container's contents, or to an empty 

Secure Container (to govern



59 



'683 Claim 2



containing a 

governed item. 



the first secure 
container governed 
item being at least 
in part encrypted; 
the first secure 
container having 
been received from
a second apparatus 



IT Construction 



MS Construction 
(Control) the later addition of 
contents to the container, and Access 
to or Use of those contents). 

(5) A container is not a Secure 
Container merely because its 
contents are encrypted and signed. A 

Secure Container is itself Secure.

(6) All VDE-protected information
(including protected content,
information about content usage,
content-control information,
Controls, and Load Modules) is
encapsulated within a Secure
Container whenever stored outside a
Secure Processing Environment or
secure database.

For the purposes of the construction
of "Secure Container," "Secure
Processing Environment," "Load
Module," "Access" and "Allow" are
defined as set forth in item #4, above.



containing : Normal English: having 
within or holding. In the context of 
an element contained within a data 
structure (e.g., a secure container), 
the contained element may be either 
directly within the container or the 
container may hold a reference 
indicating where the element may be 

found. 

secure container: see item #57 above



containing : Physically (directly) 
storing within, as opposed to 
addressing (i.e., referring to 
something by the explicitly identified 
location where it is stored, without 
directly storing it). 



secure container: see item #57 above
60. a first secure
container rule
at least in part 
governing an 
aspect of access to 
or use of said first 
secure container 
governed item, 
the first secure 
container rule, the 
first secure 
container rule 
having been 
received from a 
third apparatus 
different from said 
second apparatus; 

and 

hardware or 
software used for 
receiving and 
opening secure 
containers, 
said secure 
containers each 
including the 
capacity to contain 
a governed item, a 
secure container 
rule being 
associated with 
each of said secure 
containers; 
62. a protected
processing 
environment at 
least in part 
protecting 
information 
contained in said 
protected 
processing 
environment from 
tampering by a user 
of said first 
apparatus. 



IT Construction

secure container: see item #57 above



aspect: Feature, element, property or
state.



use: see item #42 above 



MS Construction 

secure container: see item #57 above

aspect: An aspect of an environment
is a persistent element or property of
that environment that can be used to
distinguish it from other
environments.



use: see item #42 above



secure container: see item #57 above
secure container: see item #57 above



contain (containing): see item #58
above 



contain (containing) : see item #58 
above 



protected processing environment:
An environment in which processing 
and/or data is at least in part 
protected from tampering. The level 
of protection can vary, depending on 
the threat. 



In this definition, "environment" 
means capabilities available to a 
program running on a computer or 
other device or to the user of a 
computer or other device. 
Depending on the context, the 
environment may be in a single 
device (e.g., a personal computer) or 

may be spread among multiple

protected processing environment:

(1) A uniquely identifiable, self- 
contained computing base trusted by 
all VDE nodes to protect the 
availability, secrecy, integrity and 
authenticity of all information 
identified in the February, 1995, 
patent application as being protected, 
and to guarantee that such 
information will be Accessed and 
Used only as expressly authorized by 

VDE Controls.

(2) At most VDE nodes, the 
Protected Processing Environment 
is a Secure Processing Environment 
which is formed by, and requires, a 



contained (containing): see item #58
above



Construction 
hardware Tamper Resistant Barrier 

encapsulating a special-purpose 
Secure Processing Unit having a 
processor and internal secure 
memory. "Encapsulated" means
hidden within an object so that it is
not directly accessible but rather is 
accessible only through the object's 
restrictive interface. 

(3) The Tamper Resistant Barrier 
prevents all unauthorized (intentional 
or accidental) interference, removal, 
observation, and use of the 
information and processes within it, 
by all parties (including all users of 
the device in which the Protected 
Processing Environment resides), 
except as expressly authorized by 
VDE Controls. 

(4) A Protected Processing 
Environment is under Control of 
Controls and control information 
provided by one or more parties, 
rather than being under Control of 
the appliance's users or programs. 

(5) Where a VDE node is an 
established financial Clearinghouse, 
or other such facility employing
physical facility and user-identity
Authentication security procedures
trusted by all VDE nodes, and the
VDE node does not Access or Use 
VDE-protected information, or 
assign VDE control information, then 
the Protected Processing 
Environment at that VDE node may 
instead be formed by a general- 
purpose CPU that executes all VDE 
"security" processes in protected
(privileged) mode. 
(6) A Protected Processing 
Environment requires more than just 
verifying the integrity of Digitally 
Signed Executable programming 
prior to execution of the 
programming; or concealment of the 
program, associated data, and 
execution of the program code; or use 
of a password as its protection
MS Construction

mechanism. 

For the purposes of the construction 
of "Protected Processing 
Environment," "Secure Processing 
Environment" and "Access" are
defined as set forth in item #4, above.

contained (containing): see item #58
above



63. said protected
processing 
environment 
including hardware 
or software used for 
applying said first 
secure container 
rule and a second 
secure container 
rule in combination 
to at least in part 
govern at least one 
aspect of access to 
or use of a 
governed item 
contained in a 
secure container; 
and 

64. hardware or

software used for 
transmission of 
secure containers 
to other apparatuses 
or for the receipt of 
secure containers 
from other 
apparatuses.



protected processing en vironment: 
I see item #62 above 
QftTiire container see item #57 above 
aspect : see item #60 above 
use : see item #42 above 
nr^nt^inpd (containing) : see item #58 
above 



protected processing environment: 
see item #62 above 

secure container: see item #57 above 
aspect: see item #60 above 

use: see item #42 above 

contained (containing): see item #58 
above 



secure container: see item #57 above | secure container: see item #57 above 
65. 1. A security 

method comprising: 



66. digitally signing a 
first load module 
with a first digital 
signature 
designating the 
first load module 
for use by a first 
device class; 



Patent No. 6,157,721, Asserted 
IT Construction 

The claim contains no requirement of 
a VDE. 



MS Construction 



Claim as a whole: The recited 
method is performed within a VDE. 
(See item #86 for Microsoft's 
construction of VDE.) 



digital signature: A digital value, 
verifiable with a key, that can be used 
to determine the source and/or 
integrity of a signed item (e.g., a file, 
program, etc.). 

Digitally signing is the process of 
creating a digital signature. 

designating: Normal English: 
indicating, specifying, pointing out or 
characterizing. 
use: see item #42 above 
device class: A group of devices 
which share at least one attribute. 



digitally signing: 

(1) Creating a Digital Signature 
using a secret Key (see below). 

(2) In symmetric key cryptography, a 
"secret key" is a Key that is known 
only to the sender and recipient. In 
asymmetric key cryptography, a 
"secret key" is the private Key of a 
public/private key pair, in which the 
two keys are related uniquely by a 
predetermined mathematical 
relationship such that it is 
computationally infeasible to 
determine one from the other. 

For the purposes of the construction 
of "Digital Signing," a "Key" is 
defined as: A bit sequence used and 
needed by a cryptographic algorithm 
to encrypt a block of plain text or to 
decrypt a block of cipher text. A key 
is different from a key seed or other 
information from which the actual 
encryption and/or decryption key is 
constructed, Derived, or otherwise 
identified. In symmetric key 
cryptography, the same key is used 
for both encryption and decryption. 
In asymmetric or "public key" 
cryptography, two related keys are 
used; a block of text encrypted by one 
of the two keys (e.g., the "public 
key") can be decrypted only by the 
corresponding key (e.g., the "private 
key"). 



digital signature: A computationally 
unforgeable string of characters (e.g., 
bits) generated by a cryptographic 
operation on a block of data using 
some secret. The string can be 
generated only by an entity that 
knows the secret, and hence provides 



67 
digitally signing a 
second load module 
with a second 
digital signature 
different from the 
first digital 
signature, the 
second digital 
signature 
designating the 
second load module 
for use by a second 
device class having 
at least one of 
tamper resistance 
and security level 
different from the at 
least one of tamper 
resistance and 
security level of the 
first device class; 



IT Construction 



MS Construction 

evidence that the entity must have 
generated it. 

designating : Designating something 
for a particular Use means specifying 
it for and restricting it to that Use. 

use : see item #42 above 

device class : The generic name for a 
group of device types. For example, 
all display stations belong to the same 
device class. A device class is 
different from a device type. A 
device type is composed of all 
devices that share a common model 
number or family (e.g. IBM 4331 
printers) 



designating : see item #66 above designating: see item #66 above 



use: see item #42 above 



use: see item #42 above 



device class: see item #66 above device class: see item #66 above 



tamper resistance: Making tampering 
more difficult and/or allowing 
detection of tampering. 

In this definition, "tampering" means 
using (e.g., observing or altering) in 
any unauthorized manner, or 
interfering with authorized use. 



tamper resistance: The ability of a 
Tamper Resistant Barrier to 
prevent Access, observation, and 
interference with information or 
processing encapsulated by the 
barrier. 

For the purposes of the construction 
of "Tamper Resistance," 
"Tamper/Tampering" is defined as: 
Using (e.g., observing or altering) in 
any unauthorized manner, or 
interfering with authorized use. 

For the purposes of the construction 
of "Tamper Resistance," "Access" is 
defined as set forth in item #4, above. 



from the at least one of tamper 
resistance and security level of the 
first device class: Normal English, 
incorporating the separately defined 
terms: generating a Digital Signature 
for the second load module, the 
Digital Signature Designating that the 
second load module is for use by a 
second Device Class. This element 
further requires that the second 
Device Class have a different Tamper 
Resistance or security level than the 
first Device Class. 



MS Construction 

class having at least one of tamper 
resistance and security level different 
from the at least one of tamper 
resistance and security level of the 
first device class : (1) Digitally 
Signing a different ("second") Load 
Module by using a different 
("second") Digital Signature as the 
signature Key, which signing 
indicates to any and all devices in the 
second Device Class that the signor 
authorized and restricted this Load 
Module for Use by that device. 

(2) No VDE device can perform any 
execution of any Load Module 
without such authorization. The 
method ensures that the Load Module 
cannot execute in a particular Device 
Class and ensures that no device in 
that Device Class has the Key(s) 
necessary to verify the Digital 
Signature. 

(3) All devices in the first Device 
Class have the same persistent (not 
just occasional) and identified level of 
Tamper Resistance and the same 
persistent and identified level of 
security. All devices in the second 
Device Class have the same 
persistent and identified level of 
Tamper Resistance and same 
persistent and identified level of 
security. 

(4) The identified level of Tamper 
Resistance or identified level of 
security (or both) for the first Device 
Class, is greater than or less than the 
identified level of Tamper 
Resistance or identified level of 
security for the second Device Class. 

For the purposes of the construction 
of this phrase, a "Load Module" is 
defined as set forth in item #4 and 
"Key" is defined as set forth in item 
#66, above. 



EXHIBIT A TO JOINT CLAIM CONSTRUCTION STATEMENT 
Page 22 of 40 



68. 



69. 



'721 Claim 1 
distributing the first 
load module for use 
by at least one 
device in the first 
device class; and 



distributing the 
second load module 
for use by at least 
one device in the 
second device 
class. 



IT Construction 

use : see item #42 above 

device class: see item #66 above 



use : see item #42 above 
device class: see item #66 above 



MS Construction 

use: see item #42 above 

device class: see item #66 above 



use : see item #42 above 
device class: see item #66 above 
71. 



'721 Claim 34 
34. A protected 
processing 
environment 

comprising: 



a first tamper 
resistant barrier 
having a first 
security level. 



72 



a first secure 
execution space, 
and 



Patent No. 6,157,721, Asserted 
IT Construction 

The claim contains no requirement of 
a VDE. 

protected processing environment: 



34 



see item #62 above 

"Protected processing environment" 
appears in the preamble of this claim. 
InterTrust reserves the right to assert 
that it should not be defined, other 
than as requiring the individual claim 
elements. 

tamper resistant barrier: Hardware 
and/or software that provides Tamper 
Resistance. 



MS Construction 



Claim as a Whole: The "Protected 



Processing Environment" is part of 
and within VDE. (See item #86 for 
Microsoft's construction of VDE.) 

protected processing environment: 



see item #62 above 



tamper resistant barrier: (1) An active 
device that encapsulates and separates 
a Protected Processing Environment 
from the rest of the world. 

(2) It prevents information and 
processes within the Protected 
Processing Environment from being 
observed, interfered with, and leaving 
except under appropriate conditions 
ensuring security. 

(3) It also Controls external access to 
the encapsulated Secure resources, 
processes and information. 

(4) A Tamper Resistant Barrier is 
capable of destroying protected 
information in response to Tampering 
attempts. 

For the purposes of the construction of 
"Tamper Resistant Barrier," 
"Tamper/Tampering" is defined as set 
forth in item #67, above. 



secure: see item #3 above 



secure: see item #3 above 
at least one 
arrangement within 
the first tamper 
resistant barrier 
that prevents the 
first secure 
execution space 
from executing the 
same executable 
accessed by a 
second secure 
execution space 
having a second 
tamper resistant 
barrier with a 
second security 
level different from 
the first security 
level. 



IT Construction 

tamper resistant barrier: see item #71 
above 

secure: see item #3 above 



executable : A computer program that 
can be run, directly or through 
interpretation. 



MS Construction 

tamper resistant barrier: see item #71 
above 

secure : see item #3 above 
executable: A cohesive series of 



machine code instructions in a format 
that can be loaded into memory and 
run (executed) by a connected 
processor. 
76 



Claim 58 
58. A method of 
creating a first 
secure container, 
said method 
including the 
following steps: 

accessing a 
descriptive data 
structure, said 
descriptive data 
structure including 
or addressing 



Patent No. 5,920,861, Asserted 
IT Construction 

The claim contains no requirement of 
a VDE. 

secure container: see item #57 above 



1 58 



77. 



organization 
information at least 
in part describing a 
required or desired 
organization of a 
content section of 
said first secure 
container, and 



metadata 
information at least 
in part specifying at 
least one step 
required or desired 
in creation of said 
first secure 
container; 



secure 



MS Construction 



Claim as a whole: The recited method 
is performed within a VDE. (See item 
#86 for Microsoft's construction of 
VDE.) 

secure container: see item #57 above 



secure container: see item #57 above 



78 



79 



using said 
descriptive data 
structure to organize 
said first secure 
container contents; 



using said metadata 
information to at 
least in part 
determine specific 
information 
required to be 
included in said first 
secure container 
contents; and 



secure container: see item #57 above 



secure container: see item #57 above 
Claim 58 

generating or 
identifying at least 
one rule designed to 
control at least one 
aspect of access to 
or use of at least a 
portion of said first 
secure container 
contents. 



IT Construction 

control (controlling): see item #7 
above 

aspect: see item #60 above 

use: see item #42 above 

secure container: see item #57 above 



MS Construction 

control (controlling) : see item #7 



above 

aspect : see item #60 above 



use : see item #42 above 

secure container: see item #57 above 
1. A method for 
using at least one 
resource processed 
in a secure 
operating 
environment at a 
first appliance, said 
method comprising: 
securely receiving a 
first entity's control 
at said first 
appliance, said first 
entity being located 
remotely from said 
operating 
environment and 
said first appliance; 



Patent No. 5,982,891, Asserted 
IT Construction 

The claim contains no requirement of a 

VDE. 

secure: see item #3 above 



securely (secure): see item #3 above 
control: see item #4 above 



83. securely receiving a 
second entity's 
control at said first 
appliance, said 
second entity being 
located remotely 
from said operating 
environment and 
said first appliance, 
said second entity 
being different from 
said first entity; and 



control: see item #4 above 



MS Construction 

Claim as a whole: The recited 
method is performed within a VDE. 
(See item #86 for Microsoft's 
construction of VDE.) 

secure: see item #3 above 



securely (secure): see item #3 above 



control: see item #4 above 



securely (secure): see item #3 above | securely (secure): see item #3 above 



control: see item #4 above 



84. securely processing 
a data item at said 
first appliance, using 
at least one resource, 
including 



85. securely applying, 
at said first 
appliance through 
use of said at least 
one resource said 
first entity's control 
and said second 
entity's control to 
govern use of said 
data item. 



securely (secure): see item #3 above 
use: see item #42 above 
control: see item #4 above 



securely applying, at said first 
appliance through use of said at least 
one resource said first entity's control 
and said second entity's control to 
govern use of said data item: Normal 
English, incorporating the separately 
defined terms: the first entity's Control 



use : see item #42 above 
control: see item #4 above 



govern use of said data item : (1) 
Processing the resource (component 
part of a first appliance's Secure 
IT Construction 

and the second entity's Control are 
Securely applied to govern Use of the 
data item, the act of Securely applying 
involving use of the resource. 



MS Construction 
Operating Environment) within the 
Secure Operating Environment's 
special-purpose Secure Processing 
Unit (SPU) to execute the first 
Control and second Control in 
combination within the SPU. 

(2) This execution of these Controls 
governs (Controls) all Use of the 
data item by all users, processes, and 
devices. 

(3) The processing of the resource 
and execution of the Controls cannot 
be observed from outside the SPU 
and is performed only after the 
integrity of the resource and 
Controls is cryptographically 
verified. 

(4) A Secure Processing Unit is a 
special-purpose unit isolated from the 
rest of the world in which a hardware 
Tamper Resistant Barrier 
encapsulates a processor and internal 
Secure memory. 

(5) The processor cryptographically 
verifies the integrity of all code 
loaded from the Secure memory 
prior to execution, executes only the 
code that the processor has 
authenticated for its Use, and is 
otherwise Secure. 
'900 Claim 155 



IT Construction 



155. A virtual 

distribution 

environment 

comprising 



Virtual Distribution Environment: This 
term is contained in the preamble of 
the claim and should not be defined, 
other than as requiring the individual 
claim elements. 

Without waiving its position that no 
separate definition is required, if 
required to propose such a definition, 
InterTrust proposes the following: 
secure, distributed electronic 
transaction management and rights 
protection system for controlling the 
distribution and/or other usage of 
electronically provided and/or stored 
information. 



Claim as a Whole: The "virtual 



distribution environment" is VDE. 
Virtual Distribution Environment: 



(1) Data Security and Commerce 
World: InterTrust's February 13, 



MS Construction 



1995, patent application described as 
its "invention" a Virtual Distribution 
Environment ("VDE invention") for 
securing, administering, and auditing 
all security and commerce digital 
information within its multi-node 
world (community). VDE guarantees 
to all VDE "participants" identified in 
the patent application that it will limit 
all Access to and Use (i.e., interaction) 
of such information to authorized 
activities and amounts, will ensure any 
requested reporting of and payment 
for such Use, and will maintain the 
availability, secrecy, integrity, non- 
repudiation and authenticity of all 
such information present at any of its 
nodes (including protected content, 
information about content usage, and 
content Controls). 

VDE is Secure against at least the 
threats identified in the February 
1995, patent application to this 
availability (no user may delete the 
information without authorization), 
secrecy (neither available nor 
disclosed to unauthorized persons or 
processes), integrity (neither 
intentional nor accidental alteration), 
non-repudiation (neither the receiver 
can disavow the receipt of a message 
nor can the sender disavow the 
origination of that message) and 
authenticity (asserted characteristics 
are genuine). VDE further provides 
and requires the components and 
capabilities described below. 
Anything less than or different than 
this is not VDE or the described 
"invention." 
IT Construction 



MS Construction 

(2) Secure Processing Environment: 
At each node where VDE-protected 
information is Accessed, Used, or 
assigned control information, VDE 
requires a Secure Processing 
Environment (as set forth in item #6). 

(3) VDE Controls: VDE Allows 
Access to or Use of protected 
information and processes only 
through execution of (and satisfaction 
of the requirements imposed by) VDE 
Control(s). 

(4) VDE Secure Container: See 
construction of Secure Container 
(see item #57). 

(5) Non-circumventable: VDE is 
non-circumventable (sequestered). It 
intercepts all attempts by any and all 
users, processes, and devices, to 
Access or Use (such as observing, 
interfering with, or removing) 
protected information, and prevents all 
such attempts other than as allowed by 
execution of (and satisfaction of all 
requirements imposed by) associated 
VDE Controls within Secure 
Processing Environment(s). 

(6) Peer to Peer: VDE is peer-to-peer. 
Each VDE node has the innate ability 
to perform any role identified in the 
patent application (e.g., end user, 
content packager, distributor, 
Clearinghouse, etc.), and can protect 
information flowing in any direction 
between any nodes. VDE is not 
client-server. It does not pre- 
designate and restrict one or more 
nodes to act solely as a "server" (a 
provider of information (e.g., authored 
content, control information, etc.) to 
other nodes) or "client" (a requestor of 
such information). All types of 
protected-content transactions can 
proceed without requiring interaction 
with any server. 
IT Construction 



MS Construction 

(7) Comprehensive Range of 
Functions: VDE comprehensively 



governs (Controls) all security and 
commerce activities identified in the 
patent application, including (a) 
metering, budgeting, monitoring, 
reporting, and auditing information 
usage, (b) billing and paying for 
information usage, and (c) negotiating, 
signing and enforcing contracts that 
establish users' rights to Access or Use 
information. 

(8) User-Configurable: The specific 
protections governing (Controlling) 
specific VDE-protected information 
are specified, modified, and negotiated 
by VDE's users. For example, VDE 
enables a consumer to place limits on 
the nature of content that may be 
Accessed at her node (e.g., no R-rated 
material) or the amount of money she 
can spend on viewing certain content, 
both subject only to other users' senior 
Controls. 

(9) General Purpose: Universal: VDE 
is universal as opposed to being 
limited to or requiring any particular 
type of appliance, information, or 
commerce model. It is a single, 
unified standard and environment 
within which an unlimited range of 
electronic rights protection, data 
security, electronic currency, and 
banking applications can run. 

(10) Flexible: VDE is more flexible 
than traditional information security 
and commerce systems. For example, 
VDE allows consumers to pay for 
only the user-defined portion of 
information that the user actually uses, 
and to pay only in proportion to any 
quantifiable VDE event (e.g., for only 
the number of paragraphs displayed 
from a book), and allows editing the 
content in VDE containers while 
maintaining its security. 
'900 Claim 155 



a first host 
processing 
environment 
comprising 



88. 



89. 



90. 



host processing environment: This 



term is explicitly defined in the claim 
and therefore needs no additional 
definition. It consists of those 
elements listed in the claim. 

Without waiving its position that no 
separate definition is required, if 
required to propose such a definition, 
InterTrust proposes the following: a 
Protected Processing Environment 
incorporating software-based security. 



a central processing 
unit; 



main memory 
operatively 
connected to said 
central processing 
unit; 



mass storage 
operatively 
connected to said 
central processing 
unit and said main 
memory; 



IT Construction 



MS Construction 

For the purposes of the construction of 
"VDE," "Secure Processing 
Environment" and "Access" are 
defined as set forth in item #4, above. 



host processing environment : (1) A 



processing environment within a VDE 
node which is not a Secure Processing 
Environment. 

(2) A "host processing environment" 
may either be "secure" or "not 
secure." 

(3) A "secure host processing 
environment" is a self-contained 
Protected Processing Environment, 
formed by loaded, Executable 
programming executing on a general 
purpose CPU (not a Secure Processing 
Unit) running in protected 
(privileged) mode. 

(4) A "non-secure host processing 
environment" is formed by loaded, 
Executable programming executing 
on a general purpose CPU (not a 
Secure Processing Unit) running in 
user mode. 

For the purposes of the construction of 
"Host Processing Environment," a 
"Secure Processing Environment" is 
defined as set forth in item #4, above. 
'900 Claim 155 



said mass storage 
storing tamper 
resistant software 
designed to be 
loaded into said 
main memory and 
executed by said 
central processing 
unit, said tamper 
resistant software 
comprising: 

machine check 
programming which 
derives information 
from one or more 
aspects of said host 
processing 
environment. 



93 



IT Construction 



MS Construction 



derives : Normal English: obtains. 



one or more storage 
locations storing 
said information; 



receives or arrives at through a 
process of reasoning or deduction. In 
the context of computer operations, 
the "process of reasoning or 
deduction" constitutes operations 
carried out by the computer. 

aspect : see item #60 above 



derives : To retrieve from a specified 
source. 



aspect : see item #60 above 



host processing environment: see item #87 above | host processing environment: see item #87 above 



derives information from one or more 
aspects of said host processing 
environment : Normal English, 
incorporating the separately defined 
terms: Derives (including creates) 
information based on at least one 
Aspect of the previously referred to 
Host Processing Environment. 



derives information from one or more 
aspects of said host processing 
environment: (1) Deriving from the 
Host Processing Environment 
hardware one or more values that 
uniquely and persistently identify the 
Host Processing Environment and 
distinguish it from other Host 
Processing Environments. 
(2) The "one or more aspects of said 
host processing environment" are 
persistent elements or properties of the 
Host Processing Environment itself 
that are capable of being used to 
distinguish it from other 
environments, as opposed to, e.g., data 
or programs stored within the mass 
storage or main memory, or processes 
executing within the Host Processing 
Environment. 
'900 Claim 155 

integrity 
programming which 
causes said machine 
check programming 
to derive said 
information, 
compares said 
information to 
information 
previously stored in 
said one or more 
storage locations, 
and 

generates an 
indication based on 
the result of said 
comparison; and 



96 



97. 



IT Construction 

derive : see item #92 above 

compares : Normal English: examines 



programming which 
takes one or more 
actions based on the 
state of said 
indication; 



said one or more 
actions including at 
least temporarily 
halting further 
processing. 



for the purpose of noting similarities 
and differences. "Comparison" refers 
to the act of comparing. 



above 



MS Construction 

derive : see item #92 above 

compares : A processor operation that 



evaluates two quantities and sets one 
of three flag conditions as a result of 
the comparison - greater than, less 
than, or equal to. 



comparison (compares): see item #94 



above 






98. 



99. 



8. A process 
comprising the 
following steps: 

accessing a first 
record containing 
information directly 
or indirectly 
identifying one or 
more elements of a 
first component 
assembly, 



Patent No. 5,917,912, Asserted 
IT Construction 



8 



100. 



containing : see item #58 above 

component assembly: Components 
are code and/or data elements that are 
independently deliverable. A 
Component Assembly is two or more 
components associated together. 
Component Assemblies are utilized to 
perform operating system and/or 
applications tasks. 



MS Construction 



at least one of said 
elements including 
at least some 



Claim as a whole : The recited method 
is performed within a VDE. (See item 
#93 for Microsoft's construction of 

VDE.) 

containing : see item #58 above 



component assembly: (1) A cohesive 
Executable component created by a 
channel which binds or links together, 
two or more independently deliverable 
Load Modules, and associated data. 

(2) A Component Assembly is 
assembled, and executes, only within a 
VDE Secure Processing Environment. 

(3) A Component Assembly is 
assembled dynamically in response to, 
and to service, a particular content- 
related activity (e.g., a particular Use 
request). 

(4) Each VDE Component Assembly 

is assigned and dedicated to a 
particular activity, particular user(s), 
and particular protected information. 

(5) Each Component Assembly is 
independently assembled, loadable 
and deliverable vis-a-vis other 
Component Assemblies. 

(6) The dynamic assembly of a 
Component Assembly is directed by 
a "blueprint" Record Containing 
control information for this particular 
activity on this particular information 
by this particular user(s). 

(7) Component Assemblies are 
extensible and can be configured and 
reconfigured (modified) by all users, 
and combined by all users with other 
Component Assemblies, subject only 
to other users' "senior" Controls. 



For the purposes of the construction of 
"Component Assembly," "Load 
Module," "Secure Processing 
Environment" and "Record" are 
defined as set forth in item #4 above. 



executable programming (executable): 
see item #73 above 
executable programming: A cohesive 
series of machine code instructions, 
comprising a computer program, in a 



'912 Claim 8 

executable 
programming. 



at least one of said 
elements 

constituting a load 
module, 



said load module 
including 
executable 
programming and 

a header; 
said header 
including an 
execution space 
identifier 
identifying at least 
one aspect of an 
execution space 
required for use 
and/or execution of 
the load module 
associated with said 
header; 



IT Construction 



MS Construction 

format that can be loaded into memory 
and run (executed) by a connected 
processor. A "computer program" is a 
complete series of definitions and 
instructions that when executed on a 
computer will perform a required or 
requested task. 



executable programming (executable): 



see item #73 above 



aspect : see item #59 above 
use : see item #42 above 
identifying at least one aspect of an 



execution space requi red for use 
and/or execution of the load module: 
Normal English, incorporating the 
separately defined terms: identifying 
an Aspect (e.g. security level) of an 
execution space that is needed in order 
for the load module to execute or 
otherwise be used. 



executable programming: see item 



#100 above 



aspect : see item #59 above 



use : see item #42 above 
identifying at least one aspect of an 



execution space required for use 
and/or execution of the load module : 

(1) Defining fully, without reference 
to any other information, at least one 
of the persistent elements or properties 
(Aspects) (that are capable of being 
used to distinguish it from other 
environments of an execution space) 
that are required for any Use, and/or 
for any execution, of the Load 
Module. 

(2) An execution space without all of 
those required aspects is incapable of 
making any such execution and/or 
other Use (e.g., Copying, displaying, 
printing) of the Load Module. 

For the purposes of the construction of 
this phrase, a "Load Module" is 
defined as set forth in item #4, above. 
105. 



'912 Claim 8 



said execution 
space identifier 
provides the 
capability for 
distinguishing 
between execution 
spaces providing a 
higher level of 
security and 
execution spaces 
providing a lower 
level of security; 



106. 



107 



108. 



109. 



using said 
information to 
identify and locate 
said one or more 
elements; 
accessing said 
located one or more 
elements; 
securely 
assembling said one 
or more elements to 
form at least a 
portion of said first 
component 
assembly; 

executing at least 
some of said 
executable 
programming; and 



IT Construction 



identifier : see item #28 



MS Construction 



identifier: see item #28 



checking said 
record for validity 
prior to performing 
said executing step. 



securely : see item #3 above 

component assembly: see item #98 
above 

executable programming (executable): 



see item #73 above 



securely : see item #3 above 



component assembly: see item #98 
above 



executable programming : see item 
#100 above 
110. 35. A process 
comprising the 
following steps: 



Patent No. 5,917,912, Asserted 
IT Construction 

The claim contains no requirement of 
a VDE. 



'912 Claim 35 

MS Construction 

Claim as a whole: The recited method 



111. at a first 
processing 
environment 
receiving a first 
record from a 
second processing 
environment 
remote from said 
first processing 
environment; 



112. said first record 
being received in a 
secure container; 
113. said first record 
containing 
identification 
information 
directly or 
indirectly 
identifying one or 
more elements of a 
first component 
assembly; 



secure container: see item #57 above 

containing: see item #57 above 

component assembly: see item #98 
above 



is performed within a VDE. (See item 
#86 for Microsoft's construction of 
VDE.) 



containing : see item #57 above 



component assembly: see item #98 



above 



at least one of said 
elements including 
at least some 
executable 
programming, said component 
assembly allowing 
access to or use of 
specified 
information; 

executable programming (executable): see item #73 above 
component assembly: see item #98 above 
use: see item #42 above 



115. 



116 



117. 



118. 



said secure 
container also 
including a first of 
said elements; 
accessing said first 
record; 



using said 
identification 
information to 
identify and locate 



#100 above 



above 

use: see item #42 above 



secure container: see item #57 above 
said one or more 

elements; 

said locating step 
including locating 
a second of said 
elements at a third 
processing 
environment 
located remotely 
from said first 
processing 
environment and 
said second 
processing 
environment; 



120. accessing said 
located one or 
more elements; 



121. said element 
accessing step 
including 
retrieving said 
second element 
from said third 
processing 
environment; 

122. securely 
assembling said 
one or more 
elements to form 
at least a portion 
of said first 
component 
assembly 
specified by said 
first record; and 



MS Construction 



securely (secure): see item #3 above 

component assembly: see item #98 
above 



123. executing at least 
some of said 
executable 
programming 



executable programming (executable): 
see item #73 above 



securely (secure): see item #3 above 



component assembly: see item #98 
above 



executable programming: see item 
#100 above 



124. 



said executing step 
taking place at said 
first processing 
environment. 